racoondog: They have the capability of getting the lock method from an iOS device when they exploit it After First Unlock. It doesn't always work, but when it does there's nothing they can't get. They can also exploit the secure element, and just can't bypass the encryption brute force limits due to another layer inside it. It's possible they can obtain that even if the IPR capability for getting the lock method fails and brute forcing can't be done.